In the Sitefinity CMS security space, all user and role management is handled through the ASP.NET Membership APIs. Sitefinity's backend uses its own custom membership and role providers, which utilize OpenAccess ORM to persist the users and roles into the Sitefinity CMS database. Before the 4.1 release of Sitefinity CMS, we didn't provide the option to substitute these providers with your own. Since then doing this is a piece of cake.
We've seen a lot of requests asking how you can use the default ASP.NET Sql Membership Provider to log into the Sitefinity CMS backend. This is a common need for users who are moving their existing applications to Sitefinity CMS. Here is how you can do this:
If you are moving an existing solution, you've probably already performed this step. For the purposes of this sample, we're going to use the database from a Sitefinity CMS project made with the Project Manager and create the tables needed by the SqlMembershipProvider to store data. The most convenient step to do this is to use the aspnet_regsql.exe tool that ASP.NET provides for us. If we run it, it opens a wizard that guides us through the process:
This wizard is used by ASP.NET to either create the needed tables needed by the provider, or remove them if they are no longer necessary. We need to select the former option in the second step.
The only information that the wizard needs is a connection string to the database it is going to work with. If you provide a name of a non-existing database, the wizard will create it for you. In our case we are using the same database that we have in one of our projects in Project Manager version 6.1 (the name of the database is Sitefinity):
Following the steps you will be prompted to confirm the settings in the previous step:
When we complete these steps, the database will be ready for use by the SqlMembershipProvider.
Now we can proceed with registering the provider with Sitefinity.
These steps are done exactly like you would do them in a regular ASP.NET application. We need to include elements in the web.config file indicating the role and membership providers we are going to use. Also, we need to provide the connection string to the database we created in the previous step. Here are the new sections we've added to the web.config file:
"data source=.\SQLSERVER2008R2;Integrated Security=SSPI;initial catalog=Sitefinity"
. . .
To create a user in the new provider using Visual Studio 2013, follow the steps below:
PREREQUISITES: Ensure that yoursite is working on .NET Framework 4.0 and above.
To create a user in the new provider, using Visual Studio 2013, perform the following steps:
"C:\Program Files\IIS Express\iisexpress.exe" /path:c:\windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles /vpath:"/asp.netwebadminfiles" /port:8089 /clr:4.0 /ntlm
NOTE: Here [Exact_Project_Path] refers to the absolute path to the Visual Studio Project folder with the solution file in it.
This will start running the ASP.net Web Site Administration Tool.
This will open a web administration tool with options to configure application settings.
We can manage users and roles by clicking on the Security tab. This tool uses the project's web config file to retrieve information about your providers, so if you encounter any error here, the most likely cause is something in your web.config.
On this screen, we only need to click the "Create user" link, and then provide all the information needed for the new user. After we click "Save", our new user is ready and persisted in the database.
Up to now, we've created the membership database needed by SqlMembershipProvider, registered the provider with Sitefinity CMS, and created a sample user in this provider. However, we still cannot log in with this user, because of missing rights to access the backend, noting that You do not have permission to access ...
To fix this, we need to assign the new user to a Sitefinity CMS role able to access the backend. Logging in with existing CMS user, we should be able to see the new provider and the newly created user.
Finally, go to the Edit User panel for this user to enable the user to access the site backend, and then assign the user to the Administrators role.
Now, when the user logs out and then logs in, their administrative access is allowed.
This sample demonstrates the scenario by using the ASP.NET SqlMembershipProvider. However, you can implement any membership provider and still use it with Sitefinity CMS. For more information about implementing custom membership providers, you can visit MSDN. Let us know in the forums or support system about issues you encounter.
Back To Top